Public Services > Central Government

Government: our online systems are secure

David Bicknell Published 29 October 2015

Whitehall responds to security fears over reported breach of Government Gateway; urges users to keep log-in details safe and be suspicious of unsolicited e-mails


The government has responded to reports suggesting there are security issues with the Government Gateway by insisting its online systems are secure.

The claims were made following a report in the Financial Times which suggested that profiles containing information shared by departments such as HM Revenue and Customs (HMRC) and the Department for Work and Pensions (DWP) have been hacked from the Government Gateway.

The FT said, "Profiles hacked from the 'Government Gateway' database -- which contains information shared by key departments such as HM Revenue & Customs (HMRC) and the Department for Work and Pensions (DWP) -- have been recently available for sale at $75 £49)." According to the report (subscription required), the data sets are seen as the "crown jewels" of identity theft, prompting calls - largely through social media - for the government to make its security position clear.

Government Gateway is presently used as the centralised registration tool to access local and national government services online, requiring users or organisations to create an account and provide a number of personal details to ensure secure access. The gateway's primary functions are expected to be superseded by the GOV.UK Verify ID assurance tool, which is expected to become a live service by April next year.

Following a round of high level discussions between departments such as the DWP, the Cabinet Office and HMRC, the government has rejected suggestions that the gateway service was compromised.

"Government online systems are secure. Users need to keep their log-in details safe, be suspicious of unsolicited emails and keep their anti-virus software up to date, just as they would for any other online service," said a statement on the report.

Kable senior analyst Daniel Jones argued that the FT report appeared to point to individual accounts having been compromised at the customer end, rather than a breach of the wider gateway system.

"Accusations levelled at the Government Gateway are always going to receive a receptive audience. It is not held in high esteem, and has been marked for replacement by the GOV.UK Verify program," he said.

"Still, it's far more plausible to assume compromise on the customer-end. A significant breach of the gateway itself would likely have been spotted by watchers of the 'Darkweb' before now, as it would have impacted the market price of stolen UK identities."

GOV.UK Verify is expected to switch from a beta to live service by April 2015, by which time, it will be initially expected to support 25 services across seven different departments.

The Government Digital Service (GDS) had previously anticipated completing the rollout of Verify across all eligible government public digital services by March 2016. The National Audit Office (NAO) warned late last year that any setbacks to this rollout plan would extend dependency on the existing "limited" assurance provided through the Government Gateway service.

"In 2011, we raised concerns over the urgent need to find a better alternative to the Government Gateway," the auditor said at the time.

"The Government Gateway provides only limited levels of identity assurance and, without further investment, its weaknesses will be increasingly exposed and under attack. Extending the gateway's life will delay the delivery of the digital by default agenda which needs higher levels of identity assurance."

Additional reporting by Neil Merrett.

Related articles:

Experian rules out GOV.UK Verify changes after T-Mobile data breach

Government rejects ID assurance study's security fears

GOV.UK Verify constrained by need for more datasets

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.